# SELinux allow rules for the emdlogger domain (the modem logger, per the
# comments below). The type declarations and the macros used here
# (rw_file_perms, r_file_perms, rx_file_perms, create_file_perms,
# create_dir_perms, get_prop) are defined outside this listing.
# Several rules carry the avc denial that motivated them; those lines are kept
# so each grant can be compared with what was actually denied.

# ccci character device for the internal modem
allow emdlogger ccci_device:chr_file { rw_file_perms };

# eemcs character device for the external modem
allow emdlogger eemcs_device:chr_file { rw_file_perms };

# C2K project: SDIO device for the external modem
# (ttySDIO2 is the control port, ttySDIO8 the log port)
allow emdlogger ttySDIO_device:chr_file { rw_file_perms };

# C2K project: vmodem device for the external modem (start/stop/ioctl)
allow emdlogger vmodem_device:chr_file { rw_file_perms };

# USB gadget serial device ttyGSx, used for modem logging over USB
allow emdlogger ttyGS_device:chr_file { rw_file_perms};

# Modem logging to sdcard: create-level access to directories and files
# labelled with the sdcard_type attribute.
# NOTE(review): logs written here leave the mdlog_data_file label used for
# /data/mdlog; confirm which other domains can read sdcard_type files on this
# build and whether the log content is acceptable to expose to them.
allow emdlogger sdcard_type:dir { create_dir_perms };
allow emdlogger sdcard_type:file { create_file_perms };

# Modem logger working area under /data/mdlog (directories, FIFOs, files).
# NOTE(review): relabelto lets emdlogger relabel a directory *to*
# mdlog_data_file; no matching relabelfrom is visible in this listing, so
# confirm the source label is granted elsewhere or drop relabelto.
allow emdlogger mdlog_data_file:dir { create_dir_perms relabelto };
allow emdlogger mdlog_data_file:fifo_file { create_file_perms };
allow emdlogger mdlog_data_file:file { create_file_perms };

# Modem logger control port /dev/ttyC1
allow emdlogger mdlog_device:chr_file { rw_file_perms};

# Modem logger SD logging in factory mode (vfat-labelled storage)
allow emdlogger vfat:dir create_dir_perms;
allow emdlogger vfat:file create_file_perms;

# Storage path traversal added for Android M: search the mount directory and
# read the symlinks that lead to the storage location.
allow emdlogger mnt_user_file:dir search;
allow emdlogger mnt_user_file:lnk_file read;
allow emdlogger storage_file:lnk_file read;

# Storage link access in the vzw project
allow emdlogger mnt_media_rw_file:dir search;


# Permission needed to use the SELinux API
#avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs"
# NOTE(review): the denial is a read of one file (selinux_version), but the
# rule grants r_file_perms on every file labelled rootfs; confirm nothing
# sensitive shares that label.
allow emdlogger rootfs:file r_file_perms;

# Storage access: create-level access to storage_file directories and files,
# plus reading tmpfs-labelled symlinks.
allow emdlogger storage_file:dir { create_dir_perms };
allow emdlogger tmpfs:lnk_file read;
allow emdlogger storage_file:file { create_file_perms };

# Read the boot mode
#avc: denied { open } path="/sys/devices/virtual/BOOT/BOOT/boot/boot_mode" dev="sysfs"
allow emdlogger sysfs_boot_mode:file { read open };

# Read-only access to the sys/kernel/ccci/* files
allow emdlogger sysfs_ccci:dir search;
allow emdlogger sysfs_ccci:file r_file_perms;

# Read-only access to sysfs_mdinfo (no rationale recorded by the author)
allow emdlogger sysfs_mdinfo:file r_file_perms;
allow emdlogger sysfs_mdinfo:dir search;

# Allow listing the "mddb" directory:
# avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
# The grant applies to every directory labelled system_file, not only mddb.
allow emdlogger system_file:dir read;


# purpose: allow emdlogger to access storage in the N version
allow emdlogger media_rw_data_file:file { create_file_perms };
allow emdlogger media_rw_data_file:dir { create_dir_perms };

#avc: denied { connectto } for path=006165653A72747464 scontext=u:r:emdlogger:s0
#tcontext=u:object_r:aee_aed_socket:s0 tclass=unix_stream_socket permissive=0
#security issue control
# The hex path decodes to a leading NUL byte followed by "aee:rttd", i.e. an
# abstract-namespace socket name.
# NOTE(review): the quoted denial names aee_aed_socket as the target, while the
# rule grants connectto on the crash_dump domain; confirm the listener runs as
# crash_dump on this platform and that this is the intended peer.
allow emdlogger crash_dump:unix_stream_socket connectto;

# For the dynamic CCB buffer feature
#avc: denied { read write } for name="lk_env" dev="proc" ino=4026532192
#scontext=u:r:emdlogger:s0 tcontext=u:object_r:proc_lk_env:s0 tclass=file permissive=0
#avc: denied { read } for name="mmcblk0p3" dev="tmpfs" ino=8493 scontext=u:r:emdlogger:s0
# tcontext=u:object_r:para_block_device:s0 tclass=blk_file permissive=0
# NOTE(review): the quoted denial on para_block_device is for read only, yet the
# rule also grants write on the raw block device. Confirm the write is required
# by the feature; if not, reduce to { read open }.
allow emdlogger para_block_device:blk_file { read open write };
allow emdlogger proc_lk_env:file { read write ioctl open };

## purpose: avc: denied { read } for name="plat_file_contexts"
# (rule below is disabled)
#allow emdlogger file_contexts_file:file { read getattr open map};

# Raw read access to the md_block_device partition; the directory search on
# block_device is what allows the device node to be looked up.
# NOTE(review): no rationale is recorded for these three rules. CAP_CHOWN lets
# the process change ownership of any file its other rules let it reach;
# presumably it is used to hand log files to another uid -- confirm, and record
# the reason here.
allow emdlogger block_device:dir search;
allow emdlogger md_block_device:blk_file { read open };
allow emdlogger self:capability { chown };


# purpose: allow emdlogger to read persist.meta.connecttype
get_prop(emdlogger, vendor_mtk_meta_connecttype_prop)

# purpose: allow emdlogger to create TCP sockets, connect out, and act as a
# TCP server (bind, listen, accept).
# NOTE(review): name_bind and name_connect are granted on the port type rather
# than on a dedicated port label, and node_bind on node, so SELinux does not
# restrict which port or local address the logger listens on. Confirm the
# daemon binds only where intended (e.g. loopback) and authenticates peers,
# since modem logs would be reachable through that listener.
# The two emdlogger:tcp_socket rules overlap (bind and setopt appear in both);
# the effective permission set is their union. Source and target are the same
# type, so this is equivalent to a rule on self.
allow emdlogger port:tcp_socket { name_connect name_bind };
allow emdlogger emdlogger:tcp_socket { create connect setopt bind };
allow emdlogger emdlogger:tcp_socket { bind setopt listen accept read write };
allow emdlogger node:tcp_socket node_bind;

# Android P migration: read the vendor USB property
get_prop(emdlogger, vendor_mtk_usb_prop)

# Allow mapping vendor_configs_file files (no rationale recorded by the author)
allow emdlogger vendor_configs_file:file map;

# Date : WK19.12
# Operation: add permission to catch logs
# Purpose : get kernel and radio logs when a modem exception occurs
# NOTE(review): syslog_read exposes the kernel log, and the logdr_socket write
# lets emdlogger request log buffers from logd. No domain transition for
# logcat_exec is visible in this listing, so logcat presumably runs inside the
# emdlogger domain -- confirm. Combined with the storage and TCP rules above,
# check where the captured logs end up.
allow emdlogger kernel:system syslog_read;
allow emdlogger logcat_exec:file {rx_file_perms};
allow emdlogger logdr_socket:sock_file write;

# Read-only access to the new bootmode file
allow emdlogger sysfs_boot_info:file r_file_perms;